> It is not the responsibility of the operating system to protect its
> users against software which assumes using the pid as a random source is
> a bright and wise idea.

That is only the beginning of it.

The entire concept of merging 32 bits of globally known data, with 16 bits which are less well known -- and this is called a "seed", and given to an entirely deterministic function and then calling that "random".

Where random must mean "reasonably well guessable", I suppose.

This is more than a meme. It is a plot. It must take a lot of maintenance to regurgitate that kind of bad practice back into the software ecosystem over and over again.

We have all this fuss about bad crypto libraries, and governments sniffing...

Then we have people who still believe it is possible to perturb the above 16 bit value and make some things even partly safe...

Boggles the mind.
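
The seed construction criticised above, worked through as an added example that is not part of the original message: it measures how many seeds are left to try once the clock value is known, and shows the kernel-backed replacement. The XOR merge, the function names and the sample clock/pid values are assumptions made for illustration.

```python
import random
import secrets

PID_BITS = 16  # the "less well known" part of the seed


def weak_token(now: int, pid: int) -> str:
    """Token from a deterministic PRNG seeded with clock and pid.

    Assumption: the two values are merged with XOR, as in the common
    srandom(time ^ getpid) idiom; the message does not say how.
    """
    seed = (now & 0xFFFFFFFF) ^ (pid & 0xFFFF)
    rng = random.Random(seed)  # Mersenne Twister: same seed, same output
    return "%032x" % rng.getrandbits(128)


def recover_pid(token: str, now: int):
    """Return the pid that reproduces `token` for clock value `now`.

    With the clock known, only 2**16 seeds exist, so regenerating every
    candidate is enough. Returns None if no candidate matches.
    """
    for pid in range(1 << PID_BITS):
        if weak_token(now, pid) == token:
            return pid
    return None


def strong_token() -> str:
    """128 bits from the OS CSPRNG; no caller-chosen seed is involved."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    now, pid = 1700000000, 31337  # constructed sample values
    token = weak_token(now, pid)
    print("weak token      :", token)
    print("pid recovered   :", recover_pid(token, now))
    print("seeds to try    :", 1 << PID_BITS)
    print("strong token    :", strong_token())
    print("match for strong:", recover_pid(strong_token(), now))
```

The token is printed as 128 bits, but the search space behind it is only the 65536 possible pids, which is the gap the message is pointing at.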